1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

security token missing logging into cpanel

Discussion in 'Security' started by andy_pajerotdi, Oct 26, 2010.

  1. andy_pajerotdi

    andy_pajerotdi New Member

    Joined:
    Oct 16, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hello there,

    i wonder if someone can help me, i keep getting a security token missing error when i go to the logon page in cpanel, it only started today or certainly in the last 3 days but it seems to be having an effect on password protected directorys, anyone else seen this before ?
     
  2. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    Please try unchecking this in WHM > Tweak Settings:

     
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,558
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    The security token option, as enabled or disabled via WebHost Manager, will only affect access to cPanel, WHM, and Webmail; it should not under any circumstances affect password-protected directories that are accessed through Apache/httpd.

    Please elaborate into further detail about what you are seeing that indicates an affect on password protected directories; any additional information that you can provide should help us to better identify the difficulty.
     
  4. erick_paper

    erick_paper Member

    Joined:
    Apr 19, 2005
    Messages:
    246
    Likes Received:
    0
    Trophy Points:
    16
    I ended up setting Security Tokens to "ON". Now I am logged out of my WHM altogether. How can I disable it from the command line (ssh) or something so that I can see my WHM again? Thanks!
     
  5. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    You would need to edit /var/cpanel/cpanel.config file for this line:

    Code:
    xsrftokens=1
    Please change the 1 to a 0, then save the file. At that point, run the following command to push the changes:

    Code:
    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
     
  6. furquan

    furquan Member

    Joined:
    Jul 27, 2002
    Messages:
    419
    Likes Received:
    0
    Trophy Points:
    16
    Although this is an old thread, I have been facing this issue with my servers. I have the "Security Tokens [?]" as OFF and even then I get this "WHM Login Security" warning many a times a day.

    Every time I have to login via shell and edit this file /var/cpanel/cpanel.config as mentioned by Tristan.

    Is there a permanent solution for this ?
     
  7. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    The setting keeps reverting? If it is reverting, then some cron job is likely replacing your settings with some other settings. Have you tried changing it in WHM as well to see if it stays with that new option?

    I know of one specific hosting provider who cron pushes daily /var/cpanel/cpanel.config to all their machines (or they used to). This was causing untold issues such as DNS clustering sync issues where their nameservers were having a high number of re-sync processes due to pushing that file daily. If anyone is cron setting it to be changed daily for some reason, that will cause a slew of issues.
     
  8. furquan

    furquan Member

    Joined:
    Jul 27, 2002
    Messages:
    419
    Likes Received:
    0
    Trophy Points:
    16
    Hello Tristan,

    Yes, WHM is set to OFF, but many a times during the day it gives me a warning message and I have to manually set it to 0 ( zero) to get it back working and we do not have a cron set for this :(

    Thank you
     
  9. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    Please submit a ticket about this issue. If it keeps changing to 1 in that file, something is causing that to happen.
     
  10. furquan

    furquan Member

    Joined:
    Jul 27, 2002
    Messages:
    419
    Likes Received:
    0
    Trophy Points:
    16
    I'' do that, Thank you :)
     

Share This Page